https://bz.apache.org/bugzilla/show_bug.cgi?id=69326
Bug ID: 69326 Summary: Documentation for AuthName should note that nowadays, browsers no longer display the "realm" Product: Apache httpd-2 Version: 2.4.62 Hardware: PC OS: Linux Status: NEW Severity: normal Priority: P2 Component: mod_authn_core Assignee: bugs@httpd.apache.org Reporter: bugh...@gluino.name Target Milestone: --- It seems that these days, browsers no longer show the "realm" string specified by AuthName in the password dialog as this string is not trusthworthy: See: https://stackoverflow.com/questions/69303610/why-dont-modern-web-browsers-display-the-realm-value-for-http-authentication "The reason is that this could be abused for phishing attacks, by putting some misleading message into the realm. The login dialog for http authentication is part of the trusted browser UI, and giving the server the opportunity to modify that UI - even by just displaying text - is a security risk." This fact should be noted in the documentation for https://httpd.apache.org/docs/2.4/mod/mod_authn_core.html#authname -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org For additional commands, e-mail: bugs-h...@httpd.apache.org